Mac Malware Mainly Low-Risk Proofs of Concept in 2010

Despite the number of Mac-specific threats and proof-of-concept code that appeared in 2010, Mac security risk remains relatively low. However, Mac users need to become more security-savvy to keep the risks low.

There were a number of Mac-specific threats in 2010, and security
researchers became more vocal about Mac security. In fact, Intego, the Mac
security vendor behind VirusBarrier X6, published its first annual review of Mac
threats on Jan. 20.
Calling 2010 a "busy year" for Mac security and malware, Intego
highlighted in its report proof-of-concept malware and "trickware"
that emerged in 2010, security vulnerabilities discovered in the operating
system, and iOS security.

Koobface, the cross-platform worm that spread via Facebook, Twitter and
MySpace, was a "serious problem" but was poorly coded, making the threat
level very low, Intego said.
When users navigated to sites infected with Koobface to view videos, the sites
attempted to install a malicious Java applet. Users were alerted by a dialog
asking if they wanted to install an applet. Koobface did highlight, however, the
likelihood that more virus authors will use Java
to create cross-platform malware that targets non-Windows machines as well.

While actual Mac malware in the wild remained relatively rare, Intego pointed
out ways the threats could have been worse. An example was OpinionSpy, spyware
installed by free screen savers. OpinionSpy was intended to be a benign tool
collecting information on users' browsing habits, but its features could open
backdoors, inject code into applications and download new code without users
being aware, said Intego.
Intego found on various forums a variant of HellRTS,
which opened a backdoor on computers running OS X to give remote users the
ability to take control and execute commands. This variant was not found in the
wild, but it can lie dormant indefinitely as the authors figure out new
delivery mechanisms, Intego said.
Another example of proof-of-concept malware that never made it onto users'
Macs was "ransomware," which could encrypt and password-protect files
on users' computers. To unlock the files, an infected user would have to pay
the authors ransom. It was found on a few blogs but not in the wild, Intego
said. The report noted that the proof-of-concept was based on a feature, not a
bug, in Mac OS X, which would make it difficult to defend against.

Intego's Virus Monitoring Center also saw a "large number"
of RSPlug malware, which dates back to 2007. Windows malware tends to peter out
pretty quickly after initial infection as antivirus and other security products
learn to detect and remove it. With a majority of Mac users still not
installing an antivirus application, older threats seem to hang around longer,
so RSPlug can do as much DNS tampering in 2011 as it did when it was discovered
in 2007.
Mac and iOS users are at low risk from serious security problems, but they
need to increase their awareness of phishing attacks as well as Web and
application-based threats, Intego said. At the moment, most Mac malware
requires users to willingly install it and actually grant administrator
privileges before it can infect a machine. However, malware will try to mislead
non-security-savvy users into authorizing installations of suspicious software
or steal money through phishing sites and e-mail scams, Intego said. There were
a number of phishing scams in 2010 pretending to be from Apple as well, Intego
said.